
iptables order

I have been reading around about how to set up iptables to act as a firewall.
At the moment I have a very basic NAT script which runs on boot and allows my other computers to access the internet through a gateway box.

I would like to incorporate this into the necessary firewall script.

My question is: when I write the script, does it matter where I put the 'filter' section and the 'nat' parts, or does the position in the script make no difference?

(I'm drunk again, for good reason, but I think I remember this.) The NATing will be done first, in PREROUTING. Remember, no filtering should be done in this table. Then the packets will pass through the appropriate filters (or tables, as you were). If you are NATing (or masquerading), these packets would then pass through the FORWARD table. Naturally, if you branch off the FORWARD table to something like a user-created table, say one named ICMP, it would traverse that, and if not "matched" would then go back to continue traversing the FORWARD table until "matched" or until it hits the default policy for the FORWARD table.

If you read through and understand the above thread (you have been using iptables for over a year judging by your prior posts) and understand how the packets travel through the tables, then you should be able to answer your own question. When in doubt, list the table rules (see the man pages for how to list them, and don't forget to include line numbers; they help when debugging).

Just remember... you may set up excellent rules to protect your internal network on this gateway firewall box using the FORWARD table, but if you don't protect the box itself using the INPUT and OUTPUT tables, your work could be for naught!

"And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
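An added example, not part of the thread, that puts the reply's advice into one script: a gateway firewall combining the kind of NAT masquerading the OP describes with filter-table rules, a user-defined ICMP chain that RETURNs to its caller, default-deny INPUT and FORWARD policies, and a helper that lists both tables with line numbers. The interface names (eth0/eth1), the LAN subnet (192.168.1.0/24) and the rule set itself are assumptions for illustration, not anything from the thread. Two points the script is built around: where the `-t nat` lines sit relative to the filter lines in the script makes no difference to traversal, because the kernel walks the tables in a fixed order (nat PREROUTING, then filter INPUT or FORWARD, then nat POSTROUTING) however the script is laid out; what does matter is the order of rules within one chain, since the first match wins, and that a user chain is created with -N before anything jumps to it. Note also that MASQUERADE/SNAT goes in nat POSTROUTING (after FORWARD has been filtered, so FORWARD still sees the LAN source address), while DNAT goes in PREROUTING.

```shell
#!/bin/sh
# Added example, not from the thread. Gateway firewall script combining NAT
# masquerading with filter rules. Interface names and LAN subnet are assumed.
#
# Dry run (prints the commands instead of applying them):
#   IPT="echo iptables" sh gateway-fw.sh apply
# Real run, as root, after enabling forwarding:
#   sysctl -w net.ipv4.ip_forward=1 && sh gateway-fw.sh apply
IPT="${IPT:-iptables}"                # unquoted below on purpose: "echo iptables" must split
WAN="${WAN:-eth0}"                    # assumed: internet-facing interface
LAN="${LAN:-eth1}"                    # assumed: internal interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed: internal subnet

apply_rules() {
    # Start from a clean slate in both tables so re-running is safe.
    # Flush before -X: user chains must be empty and unreferenced to delete.
    $IPT -t nat -F
    $IPT -F
    $IPT -X

    # nat table: only address rewriting here, no filtering.
    # MASQUERADE lives in POSTROUTING, so FORWARD still sees the LAN source.
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # filter table: default-deny for traffic to the box and through it.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT   # tighten this too if the box must not call out freely

    # User-defined chain, created before anything jumps to it. Packets that
    # match nothing here RETURN and keep traversing the calling chain.
    $IPT -N ICMP
    $IPT -A ICMP -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
    $IPT -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
    $IPT -A ICMP -j RETURN

    # INPUT: protect the gateway itself. Order matters within the chain:
    # the first matching rule wins.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    $IPT -A INPUT -p icmp -j ICMP
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # FORWARD: what the LAN hosts may reach, and the replies coming back.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate INVALID -j DROP
    $IPT -A FORWARD -p icmp -j ICMP
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # Anything not matched above falls through to the FORWARD DROP policy.
}

# List both tables with line numbers, as the reply suggests, for debugging.
show_rules() {
    $IPT -t nat -L -n -v --line-numbers
    $IPT -L -n -v --line-numbers
}

case "${1:-}" in
    apply) apply_rules ;;
    show)  show_rules ;;
esac
```

Run it once with IPT="echo iptables" and read the printed commands top to bottom before applying for real: that dry run is the cheapest way to catch a jump to a chain that has not been created yet, or an ACCEPT placed after the DROP that would have swallowed it. After applying, `sh gateway-fw.sh show` gives the numbered listing to compare against.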